Commit
Update Python dependencies before 0.3.9-rc2
Normally, we're hesitant to issue an update for dependencies when we've already entered the release candidate(s) stage of the release process. In this case, the changes I'm adding are all minor bug fixes that I've reviewed. Two of the fixes were labeled as security issues; however, they don't really affect us as explained below.

* Werkzeug
  * A bug that allowed XSS attacks on the debug page has been fixed (we don't run Flask in debug mode in production) - pallets/werkzeug#1001
  * Invalid Content-Type makes for parsing throw ValueError exception (the fix returns an invalid request 400 Bad Request page instead of an internal server error when the content-type field of an HTTP request is bad--such as ' ' or ',') - pallets/werkzeug#995
  * Raise BadRequestKeyError instead of IndexError in MultiDict when calling __getitem__ on a key with an empty associated list of values (Flask returns forms and query strings as MultiDicts. This is just better error-handling, no real bug being fixed here.) - pallets/werkzeug#979
* pyotp
  * The string comparison function now no longer leaks string length (shouldn't affect SD because the length of our TOTP codes is already known) - pyauth/pyotp#28